zolfa
/
tendermint
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 221 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6325 Commits
183 Branches
291 MiB
Tree: 40342bfa4a
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '40342bfa4a'
${ noResults }
tendermint/lite/inquiring_certifier.go

163 lines
4.4 KiB
Raw Normal View History

Vulnerability in light client proxy (#1081) * Vulnerability in light client proxy When calling GetCertifiedCommit the light client proxy would call Certify and even on error return the Commit as if it had been correctly certified. Now it returns the error correctly and returns an empty Commit on error. * Improve names for clarity The lite package now contains StaticCertifier, DynamicCertifier and InqueringCertifier. This also changes the method receivers from one letter to two letter names, which will make future refactoring easier and follows the coding standards. * Fix test failures * Rename files * remove dead code
7 years ago
 
  1. package lite
  2. 

  3. import (
  4. 	"github.com/tendermint/tendermint/types"
  5. 

  6. 	liteErr "github.com/tendermint/tendermint/lite/errors"
  7. )
  8. 

  9. var _ Certifier = (*InquiringCertifier)(nil)
  10. 

  11. // InquiringCertifier wraps a dynamic certifier and implements an auto-update strategy. If a call

  12. // to Certify fails due to a change it validator set, InquiringCertifier will try and find a

  13. // previous FullCommit which it can use to safely update the validator set. It uses a source

  14. // provider to obtain the needed FullCommits. It stores properly validated data on the local system.

  15. type InquiringCertifier struct {
  16. 	cert *DynamicCertifier
  17. 	// These are only properly validated data, from local system

  18. 	trusted Provider
  19. 	// This is a source of new info, like a node rpc, or other import method

  20. 	Source Provider
  21. }
  22. 

  23. // NewInquiringCertifier returns a new Inquiring object. It uses the trusted provider to store

  24. // validated data and the source provider to obtain missing FullCommits.

  25. //

  26. // Example: The trusted provider should a CacheProvider, MemProvider or files.Provider. The source

  27. // provider should be a client.HTTPProvider.

  28. func NewInquiringCertifier(chainID string, fc FullCommit, trusted Provider,
  29. 	source Provider) (*InquiringCertifier, error) {
  30. 

  31. 	// store the data in trusted

  32. 	err := trusted.StoreCommit(fc)
  33. 	if err != nil {
  34. 		return nil, err
  35. 	}
  36. 

  37. 	return &InquiringCertifier{
  38. 		cert:    NewDynamicCertifier(chainID, fc.Validators, fc.Height()),
  39. 		trusted: trusted,
  40. 		Source:  source,
  41. 	}, nil
  42. }
  43. 

  44. // ChainID returns the chain id.

  45. // Implements Certifier.

  46. func (ic *InquiringCertifier) ChainID() string {
  47. 	return ic.cert.ChainID()
  48. }
  49. 

  50. // Validators returns the validator set.

  51. func (ic *InquiringCertifier) Validators() *types.ValidatorSet {
  52. 	return ic.cert.cert.vSet
  53. }
  54. 

  55. // LastHeight returns the last height.

  56. func (ic *InquiringCertifier) LastHeight() int64 {
  57. 	return ic.cert.lastHeight
  58. }
  59. 

  60. // Certify makes sure this is checkpoint is valid.

  61. //

  62. // If the validators have changed since the last know time, it looks

  63. // for a path to prove the new validators.

  64. //

  65. // On success, it will store the checkpoint in the store for later viewing

  66. // Implements Certifier.

  67. func (ic *InquiringCertifier) Certify(commit Commit) error {
  68. 	err := ic.useClosestTrust(commit.Height())
  69. 	if err != nil {
  70. 		return err
  71. 	}
  72. 

  73. 	err = ic.cert.Certify(commit)
  74. 	if !liteErr.IsValidatorsChangedErr(err) {
  75. 		return err
  76. 	}
  77. 	err = ic.updateToHash(commit.Header.ValidatorsHash)
  78. 	if err != nil {
  79. 		return err
  80. 	}
  81. 

  82. 	err = ic.cert.Certify(commit)
  83. 	if err != nil {
  84. 		return err
  85. 	}
  86. 

  87. 	// store the new checkpoint

  88. 	return ic.trusted.StoreCommit(NewFullCommit(commit, ic.Validators()))
  89. }
  90. 

  91. // Update will verify if this is a valid change and update

  92. // the certifying validator set if safe to do so.

  93. func (ic *InquiringCertifier) Update(fc FullCommit) error {
  94. 	err := ic.useClosestTrust(fc.Height())
  95. 	if err != nil {
  96. 		return err
  97. 	}
  98. 

  99. 	err = ic.cert.Update(fc)
  100. 	if err == nil {
  101. 		err = ic.trusted.StoreCommit(fc)
  102. 	}
  103. 	return err
  104. }
  105. 

  106. func (ic *InquiringCertifier) useClosestTrust(h int64) error {
  107. 	closest, err := ic.trusted.GetByHeight(h)
  108. 	if err != nil {
  109. 		return err
  110. 	}
  111. 

  112. 	// if the best seed is not the one we currently use,

  113. 	// let's just reset the dynamic validator

  114. 	if closest.Height() != ic.LastHeight() {
  115. 		ic.cert = NewDynamicCertifier(ic.ChainID(), closest.Validators, closest.Height())
  116. 	}
  117. 	return nil
  118. }
  119. 

  120. // updateToHash gets the validator hash we want to update to

  121. // if IsTooMuchChangeErr, we try to find a path by binary search over height

  122. func (ic *InquiringCertifier) updateToHash(vhash []byte) error {
  123. 	// try to get the match, and update

  124. 	fc, err := ic.Source.GetByHash(vhash)
  125. 	if err != nil {
  126. 		return err
  127. 	}
  128. 	err = ic.cert.Update(fc)
  129. 	// handle IsTooMuchChangeErr by using divide and conquer

  130. 	if liteErr.IsTooMuchChangeErr(err) {
  131. 		err = ic.updateToHeight(fc.Height())
  132. 	}
  133. 	return err
  134. }
  135. 

  136. // updateToHeight will use divide-and-conquer to find a path to h

  137. func (ic *InquiringCertifier) updateToHeight(h int64) error {
  138. 	// try to update to this height (with checks)

  139. 	fc, err := ic.Source.GetByHeight(h)
  140. 	if err != nil {
  141. 		return err
  142. 	}
  143. 	start, end := ic.LastHeight(), fc.Height()
  144. 	if end <= start {
  145. 		return liteErr.ErrNoPathFound()
  146. 	}
  147. 	err = ic.Update(fc)
  148. 

  149. 	// we can handle IsTooMuchChangeErr specially

  150. 	if !liteErr.IsTooMuchChangeErr(err) {
  151. 		return err
  152. 	}
  153. 

  154. 	// try to update to mid

  155. 	mid := (start + end) / 2
  156. 	err = ic.updateToHeight(mid)
  157. 	if err != nil {
  158. 		return err
  159. 	}
  160. 

  161. 	// if we made it to mid, we recurse

  162. 	return ic.updateToHeight(h)
  163. }